Ivanti Pulse Connect 9.1 - SAML SSO Agent Configuration - SecurID Access Implementation Guide
Originally Published: 2021-10-01


This section describes how to integrate SecurID Access with Ivanti Pulse Connect using a SAML SSO Agent.

Architecture Diagram

[Figure: architecture diagram]

 

Configure SecurID Cloud Authentication Service

Perform these steps to configure SecurID Cloud Authentication Service as an SSO Agent SAML IdP to Ivanti Pulse Connect.

 

Procedure

  1. Sign into the SecurID Cloud Administration Console.

  2. Browse to Applications > Application Catalog, search for Pulse Connect Secure and click +Add to add the connector.

  3. Step through the setup pages to configure the connector.

      1. Basic Information.

        1. Set the value for Name.

      2. Connection Profile.

        1. Set the value for Connection URL. This is the connection URL defined within Pulse Connect.

        2. Note the value for Identity Provider URL. This will be used later in Pulse Connect for configuration.

        3. Load or generate the certificates used for SAML Response Signature.

        4. Set the value for Service Provider URL. This is found/defined below, in the section on configuring Ivanti Pulse Connect.

        5. Set the value for SP Entity ID. This is found/defined below, in the section on configuring Ivanti Pulse Connect.

      3. User Access.

        1. Choose your required Access policy.

      4. Portal Display.

        1. Change the portal URL if required.

        2. Click Save and Finish.

  4. When connector setup is complete, download the IdP metadata. This can be imported into Pulse Connect to ease configuration.

      1. Browse to Applications -> My Applications.

      2. Scroll down to the application created for Pulse Connect Secure.

      3. On the right-hand side, choose Edit -> Export Metadata.

  5. Click on Publish Changes when all final changes have been made. Note that if you make additional changes, you will have to re-publish them.
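
Before the exported metadata and certificate are uploaded to Pulse Connect, the file can be checked offline. The following is an added example, not part of the original guide or of either vendor's tooling: it parses the metadata and reports whether the SSO endpoint is HTTPS and equals the Identity Provider URL noted earlier, whether the certificate file matches a signing key in the metadata, and whether validUntil has passed. The function names, the example.test hostnames and the dummy certificate bytes are constructed, and treating the SingleSignOnService Location as the Identity Provider URL is an assumption.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def cert_sha256(pem):
    """SHA-256 of the DER bytes in a PEM (or bare base64) certificate."""
    lines = [l.strip() for l in (pem or "").splitlines()]
    b64 = "".join(l for l in lines if not l.startswith("-----"))
    return hashlib.sha256(base64.b64decode(b64)).hexdigest()

def check_idp_metadata(xml_text, expected_sso_url, cert_pem, now=None):
    """Return (summary, problems) for an exported IdP metadata file."""
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        return {}, ["no IDPSSODescriptor: this is not IdP metadata"]
    sso = [e.get("Location") for e in idp.findall("md:SingleSignOnService", NS)]
    prints = [cert_sha256(c.text)
              for kd in idp.findall("md:KeyDescriptor", NS)
              if kd.get("use") in (None, "signing")  # no "use" = both purposes
              for c in kd.findall(".//ds:X509Certificate", NS)]
    problems = []
    if expected_sso_url not in sso:
        problems.append("SSO Location differs from the noted Identity Provider URL")
    if any(not (u or "").lower().startswith("https://") for u in sso):
        problems.append("SSO endpoint is not HTTPS")
    if cert_sha256(cert_pem) not in prints:
        problems.append("certificate file matches no signing key in the metadata")
    until = root.get("validUntil")
    if until and datetime.fromisoformat(until.replace("Z", "+00:00")) < now:
        problems.append("metadata validUntil has passed")
    return {"entity_id": root.get("entityID"), "sso": sso, "sha256": prints}, problems

# Constructed sample: placeholder hostnames; the "certificate" is dummy bytes.
DUMMY_CERT = base64.b64encode(b"constructed-not-a-real-certificate").decode()
SAMPLE = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://idp.example.test/entity" validUntil="2031-10-01T00:00:00Z">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{DUMMY_CERT}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Location="https://idp.example.test/sso"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  </md:IDPSSODescriptor></md:EntityDescriptor>"""
```

An empty problems list means the file is consistent with what was configured; the returned SHA-256 values can be compared with the fingerprint of the certificate shown in each console.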

 

Configure Ivanti Pulse Connect

Perform these steps to configure Ivanti Pulse Connect as an SSO Agent SAML SP to SecurID Cloud Authentication Service.

Procedure

  1. Log into the Pulse Connect Secure Administrator page.

  2. Ensure the FQDN is configured for SAML.

      1. Browse to System -> Configuration -> SAML.

      2. Click on Settings.

      3. Review/Update the FQDN for SAML.

      4. Save Changes.

      5. Click on Update Entity ID's.

  3. Create New SAML IDP Provider.

      1. Browse to System -> Configuration -> SAML.

      2. Click on New Metadata Provider.

      3. Set Name.

      4. Upload Metadata file. This was exported from SecurID previously.

      5. Upload Certificate.

      6. Ensure that Identity Provider is checked under Roles.

      7. Save Changes.

  4. Create an Authentication Server for SAML.

      1. Browse to Authentication -> Auth. Servers.

      2. Select SAML as the Server type and click on New Server.

      3. Set Server Name.

      4. Set SAML Version to 2.0.

      5. Note the Connect Secure Entity Id. This URL changes for each SAML Auth. Server. This value is used in the configuration of the SecurID connector above.

      6. Set the Identity Provider Id based on the Configuration Mode. This can be entered manually, or you can choose Metadata from the dropdown.

      7. Load Certificate corresponding to the certificate configured above.

      8. Set Metadata Validity to a reasonable value for your use case.

      9. Save and Close.

  5. Create a User Realm.

      1. Browse to Users -> User Realms.

      2. Click on New.

      3. Enter a unique Name.

      4. Set Authentication. Choose the appropriate Authentication Server from the dropdown list.

      5. Save Changes.

      6. Select the Role Mapping tab and click on New Rule... to create the rule you need to further restrict access based on your requirements, e.g. user name is * to match all user IDs. Make sure to add a Role to the Rule. Users is the default system Role for all users. Click on Save Changes.

  6. Create a Sign-in Policy.

      1. Browse to Authentication -> Signing-In -> Sign-in Policies.

      2. Click on New URL....

      3. Select User type based on your.

      4. Set Sign-in URL. This is the URL for the given Secure Access Service.

      5. Select the associated Realm and click Add.

      6. Save Changes.

 

Next Step: Proceed to the Use Case Configuration Summary section for information on how to apply the SAML SSO Agent configuration to your use case.